This directory conatins the patch I made to my 2.0.36 system to
support running an FTP server behind a masqerade box.  See 
"details.txt" for more information

Start with Steven Clarke's instructions on how to apply his IPPORTFW 
patch to enable port forwarding (and why you want to): 

<http://www.ox.compsoc.org.uk/~steve/portforwarding.html>

You need the port-forwarding patch as a prerequisite to getting any 
kind of masq'ed server set up, because the initial connection is 
incoming, so standard ip-forward/ip-masquerade doesn't know what 
to do with it.

*After* applying the IPPORTFW patch to your 2.0.36 kernel source 
tree, apply the patch in msqsrv-patch-36 the same way.  The order 
is important, because one of my patches actually modifies Steven's 
patch.

Then replace /usr/src/linux/net/ipv4/ip_masq_ftp.c with the version
in this directory.  My changes were extensive enough it seemed easier
just provide the whole updated file rather than a patch.

Rebuild the kernel and modules, install, add incoming port forwarding 
for port 21 via Steve's ipportfw utility, and Bob's your uncle!

Again, this is all applicable to the 2.0.36 kernel.  I haven't looked 
at the development kernels.  Steve's port forwarding patch may well 
have been integrated in the 2.2 kernel, but presumably an equivalent 
to my additional patch would still be needed, as well as the modified
version of ip_masq_ftp.c.

WARNING:

This patch *may* break other masqerade apps.  I don't expect it to,
but I haven't looked at them.  In theory, protocols where the packets 
the helper app is looking for go only in one direction (client to 
server, or vice-versa) should be unaffected by this patch.  Also, 
protocols where the client's source port is never a port to which 
a masq app is bound will not be affected.

But that's just theory.  If you are using any of the other masq 
apps, be sure to check them out (or be prepared to discover whether 
they still work by testing).  

Also, while this patch is working for me, YMMV and you use it at 
your own risk.  If that didn't scare you off, let me know how it 
works for you!

Cheers...

- Fred Viles <mailto:fv@episupport.com>
